Virtual Private Networking – VPN – is a technology that allows remote workers to get access to your business LAN as if their PC or laptop were connected directly to it. With your staff set up with VPN they can continue working away from the office in exactly the same way; they can browse local network folders, access your company intranet and any other local network services you wouldn’t expose over the open internet for security reasons.

The VPN connection effectively creates a private, encrypted tunnel into your local network. The connection travels over the public internet, but behaves as if it was a dedicated, private connection. DrayTek’s Vigor 2820VN router features a hardware-based VPN service, so you don’t need to be running a server operating system with VPN enabled on your business network – the router will do it all for you. There’s no need for any extra software on the client side either: Windows XP and Vista have VPN connection capability built-in.VPN is a topic that’s stuffed with highly confusing jargon and acronyms. However, once you’re familiar with some of the terminology and the parts relevant to you, it’s easy to set up and use.VPN protocols

You can choose from three VPN protocols: PPTP, IPSec and L2TP. All three are simply different methods of achieving the same thing: transmitting and receiving information over a VPN connection. The easiest method to use if your workers are connecting using laptops or PCs running Windows XP or Vista is PPTP. PPTP simply stands for point-to-point tunnelling protocol. However, you need to be aware that PPTP by itself doesn’t provide encryption of the connection, meaning a third-party could potentially snoop on the data passing to and from your office network. But with the DrayTek router you can specify that the PPTP must be encrypted with a Microsoft scheme called MPPE (Microsoft point-to-point encryption protocol). With the DrayTek’s hardware encryption engine, you don’t need to worry about encryption affecting network performance, and if you prefer the newer IPSec protocol with AES encryption instead, that’s fully supported too.

Setting up the router

Setting up VPN on the 2820 is a just a few minutes’ work. In the router’s web-based setup pages, you just need to click on the ‘VPN and Remote Access’ section. You can then specify you want PPP connections to force 128-bit MPPE encryption, ensuring they’re secure. All you need do then is set up a username and password for each of up to 32 users you want to be able to access the network. Connecting to the office with a Windows PC or laptop . That’s all you need to do on the router’s side of things to enable secure access to your network. To connect over the internet via a Windows XP or Vista laptop, you just need to go through Windows’ New Network Connection wizard, and specify a new VPN connection to a workplace. All you need to know in order to connect is the IP address of the router’s WAN connection, the username and password you’ve specified and you’re away.

There’s no need to specify the protocol to use – Windows will auto-negotiate with the router to sort out the connection details and encryption. It’s best if the IP address of the router remains static, so that it’s guaranteed to remain the same once a connection is set up. But if the broadband connection to your business doesn’t have a static IP address, your DrayTek router can come to the rescue with its dynamic DNS facilities. This allows you to assign a hostname of the form yourbusiness.dyndns.org to your router, and that will always remain the same even if the IP address changes. You can then use that hostname instead of an IP address when setting up the VPN connection, so it will always work. Basic dynamic DNS services from sites like www.dyndns.com are completely free.

Beyond remote access

Remember that VPN isn’t just for individual workers connecting back to the office LAN. If you have offices in two locations, you can use two DrayTek routers to create a VPN bridge between them, effectively making them one single network.